Tag: HIPAA

Although governance, risk management and compliance (GRC) laws and regulations may vary greatly depending on the jurisdiction, issuing authority, regulator and target industry, there appear to be certain common GRC issues that can be used to group mandates into categories. For example, the following nine GRC issues (with examples) may represent a useful taxonomy for the…

The Health Information Technology for Economic and Clinical Health (HITECH) Act(i), signed into law on February 17, 2009, is designed to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act strengthens the civil and criminal enforcement of the privacy and security requirements of the Health Insurance Portability and…

It has been estimated that 55 percent of the cost of any compliance program is due to staffing and training(1). Therefore, semi-automation or full automation of compliance processes can be a critical path to lowering overall compliance costs for large enterprises. One possible way to develop a semi-automated approach to a compliance function could be the…

Regulatory compliance has become an increasingly costly burden. For example, SIFMA has estimated that the U.S. securities industry in 2004 spent $23.2 billion on compliance-related activities(1). In addition, regulatory mandates have become more intrusive in their application to how business is conducted. In response to corporate scandals such as Enron, the mandates have shifted from…

If a company were ever asked to describe its IT security program, the company likely would have to bring in numerous staffers from the IT department and refer to reams of documents to present a full picture of the company’s IT security approach. The need to be able to describe the company’s IT security program…

On June 17, 2009, the U.S. Department of the Treasury issued a white paper entitled “Financial Regulatory Reform – A New Foundation: Rebuilding Financial Supervision and Regulation”(1). This document sets forth the vision of the Obama administration for a new federal regulatory regime for the U.S. financial services industry. One proposed change is to create…

Today’s increasingly complex business landscape is matched by an increasingly challenging governance, risk management and compliance (GRC) landscape. U.S. multi-national companies are faced with a bewildering array of international, U.S. federal and state regulations, depending on the nature of the company’s business. These regulations can include the EU privacy directive, the Basel II Accord, the…